2ee8cf408a8fec957b69087b282d1433357bc03eb08596fb33b1cd74fc456197

Analysis

max time kernel
156s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

477ad6b085b2808952452bb9a622e14b.exe
Size

2.8MB
MD5

477ad6b085b2808952452bb9a622e14b
SHA1

c0d737cef92803b6b55c47fb14b45e676d3ea11a
SHA256

2ee8cf408a8fec957b69087b282d1433357bc03eb08596fb33b1cd74fc456197
SHA512

4fc65200c3b8cc774fa02e0a3436202574644f4b740fec6a9ee6cda252bb14dbb2bb4d0cff96f2400848704c41f72e869839df94124abb8d2697ef242d8d3821
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91C:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0032000000016d23-5.dat	upx
behavioral1/memory/2160-553-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	477ad6b085b2808952452bb9a622e14b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\ConvertInstall.mpeg3	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\EditInitialize.mov.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.exe	477ad6b085b2808952452bb9a622e14b.exe

C:\Users\Admin\AppData\Local\Temp\477ad6b085b2808952452bb9a622e14b.exe
"C:\Users\Admin\AppData\Local\Temp\477ad6b085b2808952452bb9a622e14b.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
5fcc9ccf48607ac44ffbe195efd82436

SHA1
cc3b652f4baba1ab3c9cb6bf8f4d7e641632a1a7

SHA256
3dded2e682282c2e4cae32bc0fffe551d5fd6db38885a412b45dd32f7bd286f5

SHA512
3f710418fa4a0a2b418faa31e6166c8eb0fc7cf83264a29648bba919c6caefd0b18c6c56384204b01248fa77b39854fd07edc872158aca35aa576ec21d170603

Download Submit
memory/2160-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2160-553-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads