d2408c5dd58ff9d8728d5dc5303b649d7e81be57fafa2842df8bbb25eb786d09

Analysis

max time kernel
151s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40b9a420cf8e42c8264d0aaf5e1a0f83.exe
Size

2.8MB
MD5

40b9a420cf8e42c8264d0aaf5e1a0f83
SHA1

f7a42863e186fc16981ff615bf3b4de0ddb6b76f
SHA256

d2408c5dd58ff9d8728d5dc5303b649d7e81be57fafa2842df8bbb25eb786d09
SHA512

2f2ab373e5908eff72195fec5bf8ff2f0ddb88d323bc838567faa8ba3e90ae2e1d680a04425559231b52ecd75169660bd84f765f3a639ea34878067a49ec8ad4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91S:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1752-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/1752-248-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\ExitSelect.odp.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui	40b9a420cf8e42c8264d0aaf5e1a0f83.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	40b9a420cf8e42c8264d0aaf5e1a0f83.exe

C:\Users\Admin\AppData\Local\Temp\40b9a420cf8e42c8264d0aaf5e1a0f83.exe
"C:\Users\Admin\AppData\Local\Temp\40b9a420cf8e42c8264d0aaf5e1a0f83.exe"
1⤵
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
388KB

MD5
63f66af135eb414e5a7b9a9c3cbd5396

SHA1
7f26d61a831a1e2ae3bd8c8e4cfa10b8f83025a9

SHA256
556f3204100485a17246b4c877c1ee7a5a41a3cf49ac849c1a12f436197b398f

SHA512
ecf43478afc8e7a6b7fcb3b7c529164087a122f6416bd479829828ef1a63fbb2aee428b48aa7b6777b30668791e2f5355117c93b9aa51368de833ec9da0d7d2d

Download Submit
memory/1752-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1752-248-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads