59377208d074ce2fdb94324e422fc8f7b6c08de340b3c26ee89f00a755819b41

Analysis

max time kernel
4s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d67f77f1d490fa89c9cedb22ccab1c1.exe
Size

2.8MB
MD5

2d67f77f1d490fa89c9cedb22ccab1c1
SHA1

b61813519499702374996dd62ba687006a145193
SHA256

59377208d074ce2fdb94324e422fc8f7b6c08de340b3c26ee89f00a755819b41
SHA512

5f65925c5b99dfc1537d56f620b78412f68fa4c8c87f6fef45a1c6fd22b61957be16874e50e72daf1e0bdbb987947c9aa0e7ed3f5ca3c17a45e64945c2292ff6
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91R:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001d000000015cac-5.dat	upx
behavioral1/memory/2536-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2536-2011-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2536-8383-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2d67f77f1d490fa89c9cedb22ccab1c1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.exe	2d67f77f1d490fa89c9cedb22ccab1c1.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	2d67f77f1d490fa89c9cedb22ccab1c1.exe

C:\Users\Admin\AppData\Local\Temp\2d67f77f1d490fa89c9cedb22ccab1c1.exe
"C:\Users\Admin\AppData\Local\Temp\2d67f77f1d490fa89c9cedb22ccab1c1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
204KB

MD5
6458511112184fa9a23b986d9945d1a3

SHA1
ad27cc750c0901fa46e0bcf90ffd3999754916e7

SHA256
5c2b12c688caea5f1bf6a1474592bf26fa3809c85a45f98ed7999eee5138ca5b

SHA512
17bfc4fd0e54fe1d2f423636a4318e9dfa031af56c9f8951d4b15bb77a971ead6f3fa0432aabad803392b3f726bb255443ec929b0149d284ba8634611e221b00

Download Submit
memory/2536-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2536-2011-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2536-8383-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads