a6d200046d11c56f4949ae2137778e29f0b1ee8212984feb42d8dd2349891696

Analysis

max time kernel
7s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3759966c28ed960c7be9af9a7568ab9f.exe
Size

1.8MB
MD5

3759966c28ed960c7be9af9a7568ab9f
SHA1

26add402d2839a7054b5fe94ff6683dc67e90612
SHA256

a6d200046d11c56f4949ae2137778e29f0b1ee8212984feb42d8dd2349891696
SHA512

dc889890b27ed6c4d0e055f8ec979fca42718a0672d331f793d44e1368b11bb331bec4a301c5371d250c2eac0e35f00c53147618a277cfa22d3f1749e009f6fe
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH5:SCqm2Jpr0nNM7Dus7Nx2Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4960-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/4960-4749-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4960-13379-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\eo.txt.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	3759966c28ed960c7be9af9a7568ab9f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	3759966c28ed960c7be9af9a7568ab9f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	3759966c28ed960c7be9af9a7568ab9f.exe

C:\Users\Admin\AppData\Local\Temp\3759966c28ed960c7be9af9a7568ab9f.exe
"C:\Users\Admin\AppData\Local\Temp\3759966c28ed960c7be9af9a7568ab9f.exe"
1⤵
- Drops file in Program Files directory
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
46KB

MD5
98f56a29b6b46a6718375bdf71bf27d3

SHA1
ce93a0f0f540a240bacf1e2014a4a55b258b40c8

SHA256
1b0a882d5fd0e5506dd861a1c9c29ca5200ae68448fa739ef08fe46929a4e07d

SHA512
0858c8bb48904dd1391a85f07c7be745ef7854ff058b25ae2859bf46ba390309aea7a3e1a81579c0336608f9245c2d7422988128ac2b74393e4039cbac763227

Download Submit
memory/4960-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4960-4749-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4960-13379-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads