25f1db4a417b2cfb3c425288b0b3c4935c0a826820af56e0e624b4a6edcea97e

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42b7cd4c621c3f7a3cc61bed995b39eb.exe
Size

1.8MB
MD5

42b7cd4c621c3f7a3cc61bed995b39eb
SHA1

f004a7d40b65e83d26119537027212620e7ebec3
SHA256

25f1db4a417b2cfb3c425288b0b3c4935c0a826820af56e0e624b4a6edcea97e
SHA512

218e464cc8b881382b81d7585be55ceb02b904de13e53db55c570321e5f6cbed15477039bd3335a8df060a1742329c0745262e5da9ee0c8dea3033cd9b685776
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHQ:SCqm2Jpr0nNM7Dus7Nx2w

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4920-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022897-5.dat	upx
behavioral2/memory/4920-3845-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4920-13372-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\desktop.ini	42b7cd4c621c3f7a3cc61bed995b39eb.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-200.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-white_scale-125.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated_contrast-white.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Diagnostics.DiagnosticSource.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\WideTile.scale-100.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\resources.pri	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\tr-TR\View3d\3DViewerProductDescription-universal.xml	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\SmallTile.scale-100.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-20_altform-unplated.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\MedTile.scale-100.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-40_altform-unplated.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebClient.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\powerpoint.x-none.msi.16.x-none.vreg.dat	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\SmallTile.scale-100.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\OptimizeCompare.001.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashWideTile.scale-125_contrast-white.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-200.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptySearch.scale-200.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\28.jpg.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-40.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTCORSVA.TTF	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\184.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\MemMDL2.1.85.ttf	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\Welcome_Slide01.jpg.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-40.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d3.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-125.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\MedTile.scale-200.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeBadge.scale-125.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SmallTile.scale-100_contrast-black.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-400.png	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-black_scale-100.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-100_contrast-black.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.Design.resources.dll	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\SourceAppService.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\TimeBackground.dll.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\SmallTile.scale-125.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsFormsIntegration.resources.dll	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Fur.jpg	42b7cd4c621c3f7a3cc61bed995b39eb.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated.png.exe	42b7cd4c621c3f7a3cc61bed995b39eb.exe

C:\Users\Admin\AppData\Local\Temp\42b7cd4c621c3f7a3cc61bed995b39eb.exe
"C:\Users\Admin\AppData\Local\Temp\42b7cd4c621c3f7a3cc61bed995b39eb.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
278KB

MD5
1210b03e795cd4b1c2718950155b767e

SHA1
0d01923afc672c90843aa73d6fa853c65728db4f

SHA256
4932da6e08797798071bc6157f6b800efe97c2ef0ee04466b6549f19a861e48c

SHA512
b5118620ea269353a050e9c9d3d1e3dbc2b1a82d66851f83077b2f1712bc40eb48f620ba40e4d0997644e92137a5913eb9cb50b28a59df91d7f922851d896c65

Download Submit
memory/4920-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4920-3845-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4920-13372-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads