43111a87b15522b0166f16359cb346dd02512751fa975f1e0c3df1bcdd4f5a4d

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
Size

1.8MB
MD5

3af3e19b4e64cac8db2a7fe8d7a3dba0
SHA1

a504ac0ce0c17a1a7ba174822c5201d0e1736b73
SHA256

43111a87b15522b0166f16359cb346dd02512751fa975f1e0c3df1bcdd4f5a4d
SHA512

9406d208bf8d8886c990fa7ffdaba7d4d27472867d8cce369f84b9ecf796ac4adc6a6ed62f1bc8656101dc3816922e0cd2a3769e03928d4fbad90914c1b7c81c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHV:SCqm2Jpr0nNM7Dus7Nx21

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/816-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228ae-5.dat	upx
behavioral2/memory/816-3291-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/816-13379-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\desktop.ini	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-125_contrast-black.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-125_contrast-black.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-200.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-125_contrast-white.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeSmallTile.scale-100.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker31.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-400.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\SystemX86\vccorlib140.dll	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-48.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-utility-l1-1-0.dll	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Input.Manipulations.resources.dll.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.dat.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppxSignature.p7x.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-black_scale-200.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUIRES.DLL.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-24_altform-unplated.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\dictation\SpeechOff.wav	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-24.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96_altform-lightunplated.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.scale-125.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-336.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-400.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-125_contrast-black.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-200_contrast-white.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\LargeTile.scale-125_contrast-black.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\resources.pri	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_scale-125.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.2c6c9842.pri.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-32_altform-lightunplated.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ContactPhoto.scale-180.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.JPG	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-125_contrast-white.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-100.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-100_contrast-white.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\onintlim.dll.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\SmallTile.scale-200.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\microsoft.system.package.metadata\S-1-5-21-1232405761-1209240240-3206092754-1000-MergedResources-0.pri	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-48.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.AccessControl.dll.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-20.png.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-256.png	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Xaml.resources.dll	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri.exe	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	3af3e19b4e64cac8db2a7fe8d7a3dba0.exe

C:\Users\Admin\AppData\Local\Temp\3af3e19b4e64cac8db2a7fe8d7a3dba0.exe
"C:\Users\Admin\AppData\Local\Temp\3af3e19b4e64cac8db2a7fe8d7a3dba0.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
448KB

MD5
5280ca635d80f8c4209b6302a96f3323

SHA1
ec3687e9ab99c90a35cd7e2ac0c7bfde00b74f63

SHA256
96b5fae472303ac30d385c48b8cec9f0acc33e96e2c24be4495ac6cb0dc94bde

SHA512
4cf928dadba2178594fc28b34c92ca07da2e939c27c91b2c95fd408e43808a4504c9fae7b527b5782e4ba45e8a3d4af8d8d231f2f9dcf812b5b6f537b26feed1

Download Submit
memory/816-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/816-3291-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/816-13379-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads