fffd363914acb85b4d63be4dc77ffe9fc44b5aa3b9b2f58582afdab79487beac

Analysis

max time kernel
164s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 15:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

49557d20450cbe6458eda50c6185a750.exe
Size

1.8MB
MD5

49557d20450cbe6458eda50c6185a750
SHA1

48a9f98d5f79d94e0f5eeb6e049b5155987b1d89
SHA256

fffd363914acb85b4d63be4dc77ffe9fc44b5aa3b9b2f58582afdab79487beac
SHA512

a49892b24a256ee1ed9d82f34e8b5ad5405f14f55ddc22d6050054f8fe91b1788a0c4e391974f9630502d046091ccf1056d15da71146f1f97f4ee68e93326589
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqxa:SCqm2Jpr0nNM7Dus7NxV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2372-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227a8-5.dat	upx
behavioral2/memory/2372-764-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\InstallUninstall.m1v	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	49557d20450cbe6458eda50c6185a750.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.exe	49557d20450cbe6458eda50c6185a750.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.exe	49557d20450cbe6458eda50c6185a750.exe

C:\Users\Admin\AppData\Local\Temp\49557d20450cbe6458eda50c6185a750.exe
"C:\Users\Admin\AppData\Local\Temp\49557d20450cbe6458eda50c6185a750.exe"
1⤵
- Drops file in Program Files directory
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
946KB

MD5
9f29d0d7d3b64421217ed813ebaa1d60

SHA1
acdc897314d1b3f17a412452314ade36ab40d291

SHA256
00641b88d59d5ca0f973d9939ebd42a0d4f3e60f94d669e4882bd9964eac839b

SHA512
26f96152a175c7f82a1a3119e2ea422f62e3c94fbaf15cf776ce2f5348cc62a26e7b7f469252fcbe798c8cdf41b6a880d4e40f6a4d7e22328f8d6f42dc7f76fa

Download Submit
memory/2372-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2372-764-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads