e2371cbe032b781dfba4fbba0d7007f233f2644e78acb70dd675906d44aca061

Analysis

max time kernel
132s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cd694f447ccbfa04b035f1efdafb472.exe
Size

1.8MB
MD5

3cd694f447ccbfa04b035f1efdafb472
SHA1

08428dfccd2de1ec4dd2cad263df31d8a3879100
SHA256

e2371cbe032b781dfba4fbba0d7007f233f2644e78acb70dd675906d44aca061
SHA512

7e0b8ca51bc86ac6bffbd16e7fbadcafa3d9ca7f525fd4843e4075301c0cdbb7fd28a1c78c1da6163c2b3671619a5e998c87b9093ea636698d57f4683b116920
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHs:SCqm2Jpr0nNM7Dus7Nx2M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1540-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002a0000000165c9-5.dat	upx
behavioral1/memory/1540-633-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	3cd694f447ccbfa04b035f1efdafb472.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy.jar	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Araguaina	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml	3cd694f447ccbfa04b035f1efdafb472.exe

C:\Users\Admin\AppData\Local\Temp\3cd694f447ccbfa04b035f1efdafb472.exe
"C:\Users\Admin\AppData\Local\Temp\3cd694f447ccbfa04b035f1efdafb472.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
a70737e5e4e6f2f52782a97ac28c36b3

SHA1
65ff2324b50265d4d495dfe4a7db0758e92fc13a

SHA256
39c1eabb60a83309e3505107f63542cc36e74875d52ff9e74cc414bc2872cab3

SHA512
5c85365da14e384a2f2fc677b5ab16dffb69e20151c008b27501ad2c675b63ce6e3dbdc3a5fb78af56dc2ebba5c2a599884f5ad727fe787be75ac34a1fdbdec0

Download Submit
memory/1540-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1540-633-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads