2ee8cf408a8fec957b69087b282d1433357bc03eb08596fb33b1cd74fc456197

Analysis

max time kernel
161s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

477ad6b085b2808952452bb9a622e14b.exe
Size

2.8MB
MD5

477ad6b085b2808952452bb9a622e14b
SHA1

c0d737cef92803b6b55c47fb14b45e676d3ea11a
SHA256

2ee8cf408a8fec957b69087b282d1433357bc03eb08596fb33b1cd74fc456197
SHA512

4fc65200c3b8cc774fa02e0a3436202574644f4b740fec6a9ee6cda252bb14dbb2bb4d0cff96f2400848704c41f72e869839df94124abb8d2697ef242d8d3821
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91C:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2664-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/2664-414-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui	477ad6b085b2808952452bb9a622e14b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.exe	477ad6b085b2808952452bb9a622e14b.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	477ad6b085b2808952452bb9a622e14b.exe

C:\Users\Admin\AppData\Local\Temp\477ad6b085b2808952452bb9a622e14b.exe
"C:\Users\Admin\AppData\Local\Temp\477ad6b085b2808952452bb9a622e14b.exe"
1⤵
- Drops file in Program Files directory
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
415c57dc4047898c65dcb79455653a5e

SHA1
5f9856aa6191003b58dff824f9520bd670c646c0

SHA256
befc21993f705f1da96f20a3ba5d1c09069088321c7b3d76c62feab43ed93316

SHA512
e6216ee0710dd420cf9c0e28fe37256d16069e9f798a2b70f2b8088af932fb6a4e5d0cdb2cc77796720add0eb79751fb1dc6412444c559d85eeac04a5dffe736

Download Submit
memory/2664-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2664-414-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads