43cbd9802bf6d3fb08de51c04859da63f1a495bea61d176e933487535f23b48b

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ca83f661333a1100358da56ab58a0a9.exe
Size

1.8MB
MD5

2ca83f661333a1100358da56ab58a0a9
SHA1

bac0b46ecde5fe30cb1e34336f4655a6916d2102
SHA256

43cbd9802bf6d3fb08de51c04859da63f1a495bea61d176e933487535f23b48b
SHA512

12f224fada087895238070a40bd34e0e23c8c7ef0663c68171e61936d8e2a3b1e9767a4a69e4d113556e945e6bce85b1e54084eaa4997910c6a0c421c6a6889c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHf:SCqm2Jpr0nNM7Dus7Nx2/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0038000000014713-5.dat	upx
behavioral1/memory/3064-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/3064-3519-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/3064-9216-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	2ca83f661333a1100358da56ab58a0a9.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\gadget.xml	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\gadget.xml.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\WriteApprove.mp4.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.exe	2ca83f661333a1100358da56ab58a0a9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.exe	2ca83f661333a1100358da56ab58a0a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png	2ca83f661333a1100358da56ab58a0a9.exe

C:\Users\Admin\AppData\Local\Temp\2ca83f661333a1100358da56ab58a0a9.exe
"C:\Users\Admin\AppData\Local\Temp\2ca83f661333a1100358da56ab58a0a9.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
290KB

MD5
ae8fa988860fc8f39f5aff01888ce9fc

SHA1
8429c90b9a0c92776a2aa4eb6ec11421374cfa68

SHA256
5f8eaedaaeb16824c7ab252c0f267e2714547683a0a8586e6e16a10f3e5f77f7

SHA512
4fdbcb14836f944dd23df23579885030939a133a43ae3535dedf3d0fe035a1887a7fae7ac1dd0021723bfc039cc716738f0ef07a8389c7d2ecb4cc10ee654d02

Download Submit
memory/3064-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3064-3519-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3064-9216-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads