a40dc773c1d53003276cec9699c6120683c8b9703e5bf5e80f9f9c4e731ea9a4

Analysis

max time kernel
145s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38f70794690c99ebab826e63eb381858.exe
Size

1.8MB
MD5

38f70794690c99ebab826e63eb381858
SHA1

14128b2898c76f9ff7eb331e3bfdbef37e626eb4
SHA256

a40dc773c1d53003276cec9699c6120683c8b9703e5bf5e80f9f9c4e731ea9a4
SHA512

4c08a232609868a4ae39e245826e074388eef5fd4a90ccade24a0a95ebea889d1d6e0edaef3a46dd6fc6f815e87d8caebbc45529a20d3838e28093d7093d7252
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqx:SCqm2Jpr0nNM7Dus7NxU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002b000000014468-5.dat	upx
behavioral1/memory/2240-607-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	38f70794690c99ebab826e63eb381858.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\7-Zip\License.txt.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dcpr.dll	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.exe	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.exe	38f70794690c99ebab826e63eb381858.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar	38f70794690c99ebab826e63eb381858.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.exe	38f70794690c99ebab826e63eb381858.exe

C:\Users\Admin\AppData\Local\Temp\38f70794690c99ebab826e63eb381858.exe
"C:\Users\Admin\AppData\Local\Temp\38f70794690c99ebab826e63eb381858.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
244KB

MD5
18d4bf9df6b606637df42c60fc76b998

SHA1
e7fce6be75dfb6eace804dae5cf61bdd32177ffe

SHA256
5af28bdf17e56ddf2f969529ab1b472d46478b7a21a1aa1074f9f5bd1d7f91ae

SHA512
9447f2a083abd303f0a26154c7725f488d46ee5968141c59fb061c5682842396661da1bb4039cf8298c09c43f3279f3532b6ae1aab3df5d1ac98af9d81cf6f37

Download Submit
memory/2240-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2240-607-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads