d36a543227593fa124afb96408b72e0ce6a958157383a0ad12074869dd24775d

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4256d6625e8c0a5885c05212830b0850.exe
Size

1.8MB
MD5

4256d6625e8c0a5885c05212830b0850
SHA1

4c2747c98771bfb9361c4a80b0e71bb6cc00c592
SHA256

d36a543227593fa124afb96408b72e0ce6a958157383a0ad12074869dd24775d
SHA512

f8d353b6ddd08af4b33f78cdce87326f05a84a9a3822b5d50392542183b391502c56ae5a43c3eb82302310dd2232d966c39577252e55dea0fb2e2ede462e012a
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqBj:SCqm2Jpr0nNM7Dus7NxIj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4032-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/4032-436-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dcpr.dll	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.exe	4256d6625e8c0a5885c05212830b0850.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.exe	4256d6625e8c0a5885c05212830b0850.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	4256d6625e8c0a5885c05212830b0850.exe

C:\Users\Admin\AppData\Local\Temp\4256d6625e8c0a5885c05212830b0850.exe
"C:\Users\Admin\AppData\Local\Temp\4256d6625e8c0a5885c05212830b0850.exe"
1⤵
- Drops file in Program Files directory
PID:4032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
689d3e40159cb495d07636d99370b257

SHA1
473bdb29a932e2d7585edfac9967f62144554641

SHA256
6f34c0a0b1d328016cc304983ca6bdbfe9457c18979919c853eef97352ff6d2e

SHA512
79e8bd225796f1891fe57990847c7f8329e22bd8b62de0cd7ddb85af47b7306b78086b3d02857c8796de33745c1402c9bf7dd0a78427690842b38a54328a6674

Download Submit
memory/4032-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4032-436-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads