f75f579249a7ca499011e4d8b3f29abb9ad8b69952038f1ee23f84ca32f87aa5

Analysis

max time kernel
20s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 15:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

84a474ffae6a6661a81907e79335e76d.exe
Size

235KB
MD5

84a474ffae6a6661a81907e79335e76d
SHA1

ada7900928e9857d8ab5e79dafbc3ee6522317c4
SHA256

f75f579249a7ca499011e4d8b3f29abb9ad8b69952038f1ee23f84ca32f87aa5
SHA512

606cf20c8a3523ab542d0e649ec1e86e563365f5d6ba4401b58a758ab25f4e71d6d8e7d319edcb40c60a8613e3a005acc42ff2eda935df217ac3c0cda1fc20be
SSDEEP

1536:rrjWRMloJb06+I8K/XCKCGSqzVXKwewCzebOInd4qfymD8xQUf8:/jWR6oJb06+ufC58FKwMeb4mD8i

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3040-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x000600000002320d-5.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\7-Zip\7z.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\7-Zip\7zFM.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\dotnet\dotnet.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\7-Zip\7zFM.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe-	84a474ffae6a6661a81907e79335e76d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe-	84a474ffae6a6661a81907e79335e76d.exe

C:\Users\Admin\AppData\Local\Temp\84a474ffae6a6661a81907e79335e76d.exe
"C:\Users\Admin\AppData\Local\Temp\84a474ffae6a6661a81907e79335e76d.exe"
1⤵
- Drops file in Program Files directory
PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\odt\office2016setup.exe-

Filesize
2.9MB

MD5
e959d57497708f49594cd721f7370b67

SHA1
5dee8474da70b06055dc2d3850306b457b03f2d5

SHA256
850d92f3f1ee998d9e3439ec7aaf4996e5b60d23cb4d76cf446be0555cdb24fb

SHA512
fde2b6d3433537b4c72964c3f9386ef414fa77dcdc7f1b55f8fff584426dbf392ff0836a5f1a34e0642a4124df12c2f5cef20b1b4a2c2ad805be1b45b8e86aa4

Download Submit
memory/3040-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads