e048a5584b65e35cc4981d4e9a7d515b3f3ce096c33b90b3b14bb7a877bace71

Analysis

max time kernel
160s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cf5f2d474e2d4034bd130d165495291.exe
Size

2.8MB
MD5

2cf5f2d474e2d4034bd130d165495291
SHA1

5087b5cbc3230f53cc8a5c2a8037824377ab4578
SHA256

e048a5584b65e35cc4981d4e9a7d515b3f3ce096c33b90b3b14bb7a877bace71
SHA512

8f7a9462e73a4be71761736f70e68f014a7333219dca4ea7d87d5eeb9667d36808c31120d9f8d3d16c204620402b84616fc3813679af82e71c49e882942b4633
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV912:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0ni

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/372-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/372-224-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\LICENSE	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\BackupConnect.DVR	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.exe	2cf5f2d474e2d4034bd130d165495291.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui	2cf5f2d474e2d4034bd130d165495291.exe
File created	C:\Program Files\Common Files\System\wab32.dll.exe	2cf5f2d474e2d4034bd130d165495291.exe

C:\Users\Admin\AppData\Local\Temp\2cf5f2d474e2d4034bd130d165495291.exe
"C:\Users\Admin\AppData\Local\Temp\2cf5f2d474e2d4034bd130d165495291.exe"
1⤵
- Drops file in Program Files directory
PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.9MB

MD5
07990169f0abb8d68eb0f5886d71fed6

SHA1
ca0b11b39825a32a311ab684f3161b5a1b7476bc

SHA256
50d044defdad876c7874d1d6a0ad893e6318f667fcf87ff23fd578072104654a

SHA512
70f8b2af89078cff453ee0afc7d987d09181f4edbe7161fe75299de72545774c4e90b1033895f46b4fefdf71f197bc59328aa3052ae215b5e2be1ed84c22776f

Download Submit
memory/372-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/372-224-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads