Analysis
max time kernel: 169s
max time network: 186s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 13:51
Behavioral task: behavioral1
Sample: 38b8f7521de7d5bd6b1e08036e14744a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 38b8f7521de7d5bd6b1e08036e14744a.exe
Resource: win10v2004-20231215-en
General
Target: 38b8f7521de7d5bd6b1e08036e14744a.exe
Size: 1.8MB
MD5: 38b8f7521de7d5bd6b1e08036e14744a
SHA1: a910b8c6d06e3beab1d67fa84c2b7d90961160e4
SHA256: ed76feee4e4b92fd533fc5228251974fa8396cf9ac7bb95fd21a234f0271eb42
SHA512: 9a20379672c1c5e39c5e827ad326df72d061711a1c2094f4beb7dd9ac3f744e3b08d9b1b65832db4c316ce7c46831628f8a9e871c8299844bf2a8b23fde6dc9e
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq7:SCqm2Jpr0nNM7Dus7NxK
Malware Config
Signatures
resource / yara_rule
behavioral2/memory/3128-0-0x0000000000400000-0x00000000005BA000-memory.dmp / upx
behavioral2/files/0x0002000000022910-5.dat / upx
behavioral2/memory/3128-121-0x0000000000400000-0x00000000005BA000-memory.dmp / upx
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.8MB
MD5: 55e2e7054c089472ea356335f0a6c770
SHA1: abf45175b8df9c5a1599c38a9986739a86566f33
SHA256: b274b14bc016be7ab491bd53a8c33c85c59d48e9b8292d28d39cd33ae95abd04
SHA512: 37b4be3c8dfc82a46624b110ab01a0962bf531ba4e8a85d7680ae0012c406c2d62cbc901e19a339a637251d05410339507d0654bc4f6e5f64789b6978f76d409