4f3c6ffc5a85733023f8f32bee44a656b80eb8676fa24393f6799d2e571c114e

Analysis

max time kernel
60s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f09793bd2dbfe985d3220ce5c0e5727.exe
Size

1.8MB
MD5

3f09793bd2dbfe985d3220ce5c0e5727
SHA1

a9b22bbd1228b7c3bb189a48db1621754cb43f64
SHA256

4f3c6ffc5a85733023f8f32bee44a656b80eb8676fa24393f6799d2e571c114e
SHA512

976c74e57289f5d5893e725a29c166bd2af3eba6a37e3bfd6ffc758c92ce996816b300c0d09b38ebf83d06fa798ec3bb70333f27fce4b3c07e6865dbe4a1697d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHF:SCqm2Jpr0nNM7Dus7Nx2l

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5044-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/5044-4403-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/5044-11171-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	3f09793bd2dbfe985d3220ce5c0e5727.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\ConfigurationManager.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\32.jpg	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Kiss.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Moustache.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hi-IN\View3d\3DViewerProductDescription-universal.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-125.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W2.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-150.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-32_altform-unplated_contrast-black.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\sunec.dll	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\179.png.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\HelpThumbnail.png.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-black.png.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256_altform-unplated_contrast-white.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\PPSLAX.DLL	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.Primitives.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseCore.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenotemui.msi.16.en-us.boot.tree.dat.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PIXEL.ELM	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\release	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-125_contrast-black.png.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms	3f09793bd2dbfe985d3220ce5c0e5727.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\DialRotation.mp4.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\az-Latn-AZ\View3d\3DViewerProductDescription-universal.xml.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Filter.png	3f09793bd2dbfe985d3220ce5c0e5727.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png.exe	3f09793bd2dbfe985d3220ce5c0e5727.exe

C:\Users\Admin\AppData\Local\Temp\3f09793bd2dbfe985d3220ce5c0e5727.exe
"C:\Users\Admin\AppData\Local\Temp\3f09793bd2dbfe985d3220ce5c0e5727.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
893KB

MD5
783e1270d52c78318a90f78de5375b3c

SHA1
81097ec182d483d53f56f14b75722d9603edc227

SHA256
69644f592b7306f73418b438625af53ba11d3c3f12227e21802e60e2591bfd1c

SHA512
a67a8897ac5a5ac5b097d65cabcdfa6a7aefb45af1d64dcfa190ad3cc6e7a7f0e217bcc6f7f429c7edb1fa1e7e9dec47b4f878afccde7d383b64bac3758323db

Download Submit
memory/5044-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5044-4403-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5044-11171-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads