9ab0ccc2d277316348de8ac843f7e22d6a8f23e741acffdc00ac4f394db9fd59

Analysis

max time kernel
3s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38c141a7286d384ec7e6bb0290b23b53.exe
Size

1.8MB
MD5

38c141a7286d384ec7e6bb0290b23b53
SHA1

57ac43f797e63bf990c51a6445528f68c387547e
SHA256

9ab0ccc2d277316348de8ac843f7e22d6a8f23e741acffdc00ac4f394db9fd59
SHA512

5aaaebbe77175793756237fa3af73f39c3979fd7a2558b083f2b3b1b401a92cc7c377719985955fc4c78c8d2c6f124e08ca1c91d7aff89ae6340d8f452d098c2
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqta:SCqm2Jpr0nNM7Dus7NxV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2256-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2256-2971-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2256-9205-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	38c141a7286d384ec7e6bb0290b23b53.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	38c141a7286d384ec7e6bb0290b23b53.exe

C:\Users\Admin\AppData\Local\Temp\38c141a7286d384ec7e6bb0290b23b53.exe
"C:\Users\Admin\AppData\Local\Temp\38c141a7286d384ec7e6bb0290b23b53.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2256-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2256-2971-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2256-9205-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads