afca8dd2dc2668b84db2bdc01623cf93ce3d0e3a814c8bd332fa8df5c6607018

Analysis

max time kernel
137s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cd0481ba30fbbd10c557d5fd2064b58.exe
Size

1.8MB
MD5

2cd0481ba30fbbd10c557d5fd2064b58
SHA1

3659f1fef54cb70c385c55eb77cf78aa88f82489
SHA256

afca8dd2dc2668b84db2bdc01623cf93ce3d0e3a814c8bd332fa8df5c6607018
SHA512

a5e806d43ac66578e1f2a67953f94d7d0d6c23ee39e66d53db7a8f158a7050e85c5e90d2ad83816f8cfe38f89423a54d484ef3177fbb7f6caad9b5bc813aa3de
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH6:SCqm2Jpr0nNM7Dus7Nx2a

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3412-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3412-359-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\DisconnectRestart.jpg	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\BackupGrant.jpeg	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.exe	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	2cd0481ba30fbbd10c557d5fd2064b58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	2cd0481ba30fbbd10c557d5fd2064b58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	2cd0481ba30fbbd10c557d5fd2064b58.exe

C:\Users\Admin\AppData\Local\Temp\2cd0481ba30fbbd10c557d5fd2064b58.exe
"C:\Users\Admin\AppData\Local\Temp\2cd0481ba30fbbd10c557d5fd2064b58.exe"
1⤵
- Drops file in Program Files directory
PID:3412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3412-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3412-359-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads