940d96286944ec4a6a6575856429c2d2c0e307cf03f30e193bbf444d27af1867

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4541fb061bd13402c0a7215227362dd2.exe
Size

1.8MB
MD5

4541fb061bd13402c0a7215227362dd2
SHA1

7cf214782c1c104f10678f16a5ff7b57b8816e14
SHA256

940d96286944ec4a6a6575856429c2d2c0e307cf03f30e193bbf444d27af1867
SHA512

bdfd582ba97fb86587ec2d6d8682b6a76bc16e248ccf83330b47755b2756c0c2b22d8cca13d2f9dbf6860b1a78b7dcc2f458c2329e8884533c18303d4ea1b03d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq2:SCqm2Jpr0nNM7Dus7Nxr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0034000000014fa0-5.dat	upx
behavioral1/memory/1992-3709-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1992-9171-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	4541fb061bd13402c0a7215227362dd2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jre7\bin\hprof.dll	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MST7MDT	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.exe	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\picturePuzzle.js	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.exe	4541fb061bd13402c0a7215227362dd2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll	4541fb061bd13402c0a7215227362dd2.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.exe	4541fb061bd13402c0a7215227362dd2.exe

C:\Users\Admin\AppData\Local\Temp\4541fb061bd13402c0a7215227362dd2.exe
"C:\Users\Admin\AppData\Local\Temp\4541fb061bd13402c0a7215227362dd2.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1992-3709-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1992-9171-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads