484506add835d945034b58ede6ff04e0779a6a7d8758036e1a31fd6f8d8e9d3b

Analysis

max time kernel
167s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 06:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4016a635e405e81377e325cf259fe817.exe
Size

1.8MB
MD5

4016a635e405e81377e325cf259fe817
SHA1

0e9d1310d92fd33cc0fc5a3acf804bfedcb87ab0
SHA256

484506add835d945034b58ede6ff04e0779a6a7d8758036e1a31fd6f8d8e9d3b
SHA512

57327cce2f7adb772f3160b7aeb4a887bdf5aead5648a4c6fab3da74319ad05baf3f308a70efec3dffb2424e2da5c2defa23537848b16ef5b984c7a5591b2302
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHW:SCqm2Jpr0nNM7Dus7Nx22

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3628-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/3628-195-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\CompleteMount.xps.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.exe	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.exe	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	4016a635e405e81377e325cf259fe817.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	4016a635e405e81377e325cf259fe817.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	4016a635e405e81377e325cf259fe817.exe

C:\Users\Admin\AppData\Local\Temp\4016a635e405e81377e325cf259fe817.exe
"C:\Users\Admin\AppData\Local\Temp\4016a635e405e81377e325cf259fe817.exe"
1⤵
- Drops file in Program Files directory
PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
debe24a939b91b65fba5b8c86c331ef4

SHA1
1cfd9ffeb6e572bc4e4744b57e29a2b7aa3c1fee

SHA256
eb5278f27831c5a838844be0bb299c79e9ff487e5108379b6f371d5c913ed9b4

SHA512
c3bf97d745c2441c5d241ed91621a4e848f869340676029e3d7b24c4a8d89baee0c2ec2c499e4bbba6dc3c7ee50c0146d35d31f9e1d1a593e8ff3804fd6da286

Download Submit
memory/3628-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3628-195-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads