923b767ac038b3c092ca951ad8a3c0385f445d01595736dfb81133cc74b02054

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
Size

1.8MB
MD5

2cbb9d49a3cf0dadff9f8e2a93f6dd17
SHA1

885fd3a25f703abed2d33bf58c45037402d26587
SHA256

923b767ac038b3c092ca951ad8a3c0385f445d01595736dfb81133cc74b02054
SHA512

c90542708f8720b675374344532d3375ad6fcb9a9a65a78b7cd8bfc0c79a71e8e26069edfa51dc51804803ad3a0b99a0e307ce7bb5231333b66dca17ff467bdd
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqo:SCqm2Jpr0nNM7Dus7Nxh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000a0000000146c8-5.dat	upx
behavioral1/memory/2672-2615-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2672-9203-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Panama	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jre7\lib\psfont.properties.ja	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe

C:\Users\Admin\AppData\Local\Temp\2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
"C:\Users\Admin\AppData\Local\Temp\2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.4MB

MD5
beb9212fa72072cb274c8b0fc6ae9c0e

SHA1
11dfa95ca0e9563b0f29d55db87df716a33d56de

SHA256
44d0559a7c8c6b73fa15e48208d753242385e06519ca6b217572f9af772c1cb8

SHA512
a35706c1afa1c3a51c9d42b76d5d0383e20cc614c886540c57e91e82be727ee459d383a0fd80095741f139b2de443497ab74db5dd6f8bc6788a79bfeb46296eb

Download Submit
memory/2672-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2672-2615-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2672-9203-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads