03923fba3b28b1c533e0d0fbacb57cede1194274479189b1eb8e4a93ae3b6554

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40da5c71ea2a0d782f10105b277ba779.exe
Size

1.8MB
MD5

40da5c71ea2a0d782f10105b277ba779
SHA1

781c4503eb47624d6a1c53afd8d428626bd4e5c7
SHA256

03923fba3b28b1c533e0d0fbacb57cede1194274479189b1eb8e4a93ae3b6554
SHA512

4a904762bf9e4b40764872b8a287135a75a0b94b2c3386884339ad148399554fc282bd6a0fe8b813b47be484b293fafe17212d4e553d2927eb605412a1bda9bb
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqA:SCqm2Jpr0nNM7Dus7Nxd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0033000000016cd7-5.dat	upx
behavioral1/memory/1712-721-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	40da5c71ea2a0d782f10105b277ba779.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\GrantUndo.bat	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.exe	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.exe	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.exe	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.exe	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.exe	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.exe	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT	40da5c71ea2a0d782f10105b277ba779.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89	40da5c71ea2a0d782f10105b277ba779.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar	40da5c71ea2a0d782f10105b277ba779.exe

C:\Users\Admin\AppData\Local\Temp\40da5c71ea2a0d782f10105b277ba779.exe
"C:\Users\Admin\AppData\Local\Temp\40da5c71ea2a0d782f10105b277ba779.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
3eb66370b3539af5e8735c75380ed7be

SHA1
6fb704705bd0fbd3bb4d1d98d921ffe3ffa11f59

SHA256
63f0760684f0ec981f37be947db11b9aa8fa0705ea24538b6af23879f4542fb9

SHA512
48ab1747b618ae01d02617f12a8d1c238a32f52b942fe5f69285c8713b9241ef13e8925dd032b4f1226d1c2a50a1e4b7e51b2bbd64c2ac375ae94e1dad3dbdc1

Download Submit
memory/1712-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1712-721-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads