Analysis

Max time kernel: 149s
Max time network: 157s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 08/01/2024, 04:15
Behavioral task: behavioral1
  Sample: 4a699266a4e4afb20ef4fde3ca3d3968.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 4a699266a4e4afb20ef4fde3ca3d3968.exe
  Resource: win10v2004-20231215-en
General

Target: 4a699266a4e4afb20ef4fde3ca3d3968.exe
Size: 1.8MB
MD5: 4a699266a4e4afb20ef4fde3ca3d3968
SHA1: 27a8e26cb9e10030cca3c545a8607e3be2b21e9d
SHA256: a1b3cb223d08591e272ceff62017c1f24a0e8465354e7f96ecca9eb8e92ad138
SHA512: 1bb846c617f408ea4465a051be54e27aff86b0b200ce5ece0323373df2b19cbea703da657b463a022f37a7fefd37cf0aac2511159bb62454077f18de94c865c6
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqo:SCqm2Jpr0nNM7Dus7NxR
Malware Config

Signatures

YARA rule match: upx
  Resource: behavioral2/memory/1628-0-0x0000000000400000-0x00000000005BA000-memory.dmp
  Resource: behavioral2/files/0x00020000000227a8-5.dat
  Resource: behavioral2/memory/1628-705-0x0000000000400000-0x00000000005BA000-memory.dmp
Drops desktop.ini file(s) (1 IoC)
  Description: File opened for modification
  IoC: C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI
  Process: 4a699266a4e4afb20ef4fde3ca3d3968.exe
Drops file in Program Files directory (64 IoCs)
Downloads

Filesize: 1.8MB
MD5: 92945e7609f199935298370ef771948d
SHA1: ba7c87192cbc86069c9e7038ebcf2cae08f15cfe
SHA256: 83e6c45e6efa01ba581074b83bb6d9e8f7e2cdc0aced66a94187acf5dac2353c
SHA512: 8aa29859dc5bf9f8d52143c216ef527010ce84e587cd2e7a0cf7ea7314d3859e9c3f4895f6c1d4575e20dd33c6759a820f7c9aba675f31393ac5b249d1260a3a