923b767ac038b3c092ca951ad8a3c0385f445d01595736dfb81133cc74b02054

Analysis

max time kernel
165s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
Size

1.8MB
MD5

2cbb9d49a3cf0dadff9f8e2a93f6dd17
SHA1

885fd3a25f703abed2d33bf58c45037402d26587
SHA256

923b767ac038b3c092ca951ad8a3c0385f445d01595736dfb81133cc74b02054
SHA512

c90542708f8720b675374344532d3375ad6fcb9a9a65a78b7cd8bfc0c79a71e8e26069edfa51dc51804803ad3a0b99a0e307ce7bb5231333b66dca17ff467bdd
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqo:SCqm2Jpr0nNM7Dus7Nxh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3380-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/3380-149-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.exe	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe

C:\Users\Admin\AppData\Local\Temp\2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe
"C:\Users\Admin\AppData\Local\Temp\2cbb9d49a3cf0dadff9f8e2a93f6dd17.exe"
1⤵
- Drops file in Program Files directory
PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
507e6d744977d5dddf3fbdbfe2c601f7

SHA1
5458d92316035ebad90b1770e597c7a56db0cd3a

SHA256
9ce2e07efa231ca012405b641c09d24448ba651c5d8f1e04c6c2a86aa341cd40

SHA512
b28fe8207873eedcb7d097fea6b2bbb282eb1c134c5c6763bc0d3df804e0ab31ea8b10db567545ceb28b660dea5f0037a1bb017b35b9b418f20f1752fe5271ef

Download Submit
memory/3380-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3380-149-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads