51446ca532c2900139d2808a9117b60da535e9d3807ab01df4b63d522f3c252f

Analysis

max time kernel
20s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39a0e74dcead356c83131e78d57ffb4e.exe
Size

1.8MB
MD5

39a0e74dcead356c83131e78d57ffb4e
SHA1

a085da2fa2f68f02c03b24c73f7977878af0c979
SHA256

51446ca532c2900139d2808a9117b60da535e9d3807ab01df4b63d522f3c252f
SHA512

2a3402533251db28d5a08f177d7517b94ee95ad40dffb7b17544de81e3cd1c72afd035ff78703422b287b81c5e3ada56f56bf29437ae99acfb4652d721436a11
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqP:SCqm2Jpr0nNM7Dus7NxG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3488-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/3488-6027-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3488-13413-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\meta-index	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jce.jar	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jsound.dll	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\flavormap.properties	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll	39a0e74dcead356c83131e78d57ffb4e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	39a0e74dcead356c83131e78d57ffb4e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui	39a0e74dcead356c83131e78d57ffb4e.exe

C:\Users\Admin\AppData\Local\Temp\39a0e74dcead356c83131e78d57ffb4e.exe
"C:\Users\Admin\AppData\Local\Temp\39a0e74dcead356c83131e78d57ffb4e.exe"
1⤵
- Drops file in Program Files directory
PID:3488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3488-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3488-6027-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3488-13413-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads