479df560b4fd8ef5f95757f1e71a97c761722cd6fddba2714719164e8496a721

Analysis

max time kernel
2s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45b5bfd2eade15b03c9e53cad4bdee17.exe
Size

1.8MB
MD5

45b5bfd2eade15b03c9e53cad4bdee17
SHA1

e821055a80abd649fa517e816ea244f38c67cdf9
SHA256

479df560b4fd8ef5f95757f1e71a97c761722cd6fddba2714719164e8496a721
SHA512

c126561df1343979442fe146379e712fb9f8ae945e84233f7ecacda05476b7b3da8c576f1b5e3ab906a3ae59596a5ea55b3a2bb8ae53ba5d7ddb3f2794304173
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHG:SCqm2Jpr0nNM7Dus7Nx2m

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2548-2368-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2548-9188-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	45b5bfd2eade15b03c9e53cad4bdee17.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\License.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	45b5bfd2eade15b03c9e53cad4bdee17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui	45b5bfd2eade15b03c9e53cad4bdee17.exe

C:\Users\Admin\AppData\Local\Temp\45b5bfd2eade15b03c9e53cad4bdee17.exe
"C:\Users\Admin\AppData\Local\Temp\45b5bfd2eade15b03c9e53cad4bdee17.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2548-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2548-2368-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2548-9188-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads