9ab0ccc2d277316348de8ac843f7e22d6a8f23e741acffdc00ac4f394db9fd59

Analysis

max time kernel
158s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38c141a7286d384ec7e6bb0290b23b53.exe
Size

1.8MB
MD5

38c141a7286d384ec7e6bb0290b23b53
SHA1

57ac43f797e63bf990c51a6445528f68c387547e
SHA256

9ab0ccc2d277316348de8ac843f7e22d6a8f23e741acffdc00ac4f394db9fd59
SHA512

5aaaebbe77175793756237fa3af73f39c3979fd7a2558b083f2b3b1b401a92cc7c377719985955fc4c78c8d2c6f124e08ca1c91d7aff89ae6340d8f452d098c2
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqta:SCqm2Jpr0nNM7Dus7NxV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2896-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/2896-332-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\CheckpointSearch.wm	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\CopyReset.html.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\javafx-src.zip	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\master_preferences	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.exe	38c141a7286d384ec7e6bb0290b23b53.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h	38c141a7286d384ec7e6bb0290b23b53.exe

C:\Users\Admin\AppData\Local\Temp\38c141a7286d384ec7e6bb0290b23b53.exe
"C:\Users\Admin\AppData\Local\Temp\38c141a7286d384ec7e6bb0290b23b53.exe"
1⤵
- Drops file in Program Files directory
PID:2896

Network

DNS

21.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.177.190.20.in-addr.arpa

IN PTR

Response
DNS

21.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.177.190.20.in-addr.arpa

IN PTR
DNS

21.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.177.190.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

205.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.178.17.96.in-addr.arpa

IN PTR

Response

205.178.17.96.in-addr.arpa

IN PTR

a96-17-178-205deploystaticakamaitechnologiescom
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

176.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.178.17.96.in-addr.arpa

IN PTR

Response

176.178.17.96.in-addr.arpa

IN PTR

a96-17-178-176deploystaticakamaitechnologiescom
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

23.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.160.77.104.in-addr.arpa

IN PTR

Response

23.160.77.104.in-addr.arpa

IN PTR

a104-77-160-23deploystaticakamaitechnologiescom
DNS

23.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.160.77.104.in-addr.arpa

IN PTR
DNS

4.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.181.190.20.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR

Response

208.178.17.96.in-addr.arpa

IN PTR

a96-17-178-208deploystaticakamaitechnologiescom
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR
DNS

90.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.65.42.20.in-addr.arpa

IN PTR

Response
DNS

90.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.65.42.20.in-addr.arpa

IN PTR

138.91.171.81:80

104 B
2

8.8.8.8:53

21.177.190.20.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

21.177.190.20.in-addr.arpa

DNS Request

21.177.190.20.in-addr.arpa

DNS Request

21.177.190.20.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

205.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

205.178.17.96.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

176.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

176.178.17.96.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

216 B
146 B
3
1

DNS Request

26.165.165.52.in-addr.arpa

DNS Request

26.165.165.52.in-addr.arpa

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

23.160.77.104.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

23.160.77.104.in-addr.arpa

DNS Request

23.160.77.104.in-addr.arpa
8.8.8.8:53

4.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.181.190.20.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

23.236.111.52.in-addr.arpa

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

208.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

208.178.17.96.in-addr.arpa

DNS Request

208.178.17.96.in-addr.arpa
8.8.8.8:53

90.65.42.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

90.65.42.20.in-addr.arpa

DNS Request

90.65.42.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
63172103c88f7ab080b33f54e6152a9e

SHA1
cb69e9a3b4c98d2426175657baf76cc9a6edb818

SHA256
51e9183f94bdff16fb7b1ef635e0a131a64915ce0f07ad68c6fad41350f6517c

SHA512
c51b10c4fe41dbf3a84454acc980bdb108257b6c022c5bf9d26ad9a25f15b4345661966a8e1f5c489e6dc6c06ff408ee9132f1376b8640f24d0966b912af6472

Download Submit
memory/2896-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2896-332-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.