e2371cbe032b781dfba4fbba0d7007f233f2644e78acb70dd675906d44aca061

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cd694f447ccbfa04b035f1efdafb472.exe
Size

1.8MB
MD5

3cd694f447ccbfa04b035f1efdafb472
SHA1

08428dfccd2de1ec4dd2cad263df31d8a3879100
SHA256

e2371cbe032b781dfba4fbba0d7007f233f2644e78acb70dd675906d44aca061
SHA512

7e0b8ca51bc86ac6bffbd16e7fbadcafa3d9ca7f525fd4843e4075301c0cdbb7fd28a1c78c1da6163c2b3671619a5e998c87b9093ea636698d57f4683b116920
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHs:SCqm2Jpr0nNM7Dus7Nx2M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4052-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/4052-545-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\ielowutil.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\bin\jpeg.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\bin\net.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\7z.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.exe	3cd694f447ccbfa04b035f1efdafb472.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	3cd694f447ccbfa04b035f1efdafb472.exe

C:\Users\Admin\AppData\Local\Temp\3cd694f447ccbfa04b035f1efdafb472.exe
"C:\Users\Admin\AppData\Local\Temp\3cd694f447ccbfa04b035f1efdafb472.exe"
1⤵
- Drops file in Program Files directory
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
a792cd7618c9e0e32c03eda08962a883

SHA1
2b7a30d0f2ded96bcb220e0731b21de3077bdc92

SHA256
0a7c7e488c353d5447141438b83bd75837e0d4aecf56095429c016ba8b3c60dc

SHA512
c129d9fb4febab7462b892f66512779b2a2317b94cfe16d8e14fdd1b8212e12da06a5bc1fccf183e66955ef88adb9f83fa29880045c4564bdbd19a5fbec34063

Download Submit
memory/4052-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4052-545-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads