c02085e08ce5cc8c0024fc2416fdedfe98e2b46f68d328b4ba2a841a69e9c487

Analysis

max time kernel
5s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b9c6ac70c1185d2e56ee1ef54e78248.exe
Size

1.8MB
MD5

4b9c6ac70c1185d2e56ee1ef54e78248
SHA1

98d5073a69ee308c71bf196e0ebab0eb31aff466
SHA256

c02085e08ce5cc8c0024fc2416fdedfe98e2b46f68d328b4ba2a841a69e9c487
SHA512

e9934bc02093917c5f63d82ce2879401974553d52ddb9e6625db38cc913c000b46586fd47f6924f1128f31c73ba3b2b14a47cbdb1752547f29294cf734992961
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqZ:SCqm2Jpr0nNM7Dus7NxU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1752-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/1752-4567-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000215b5-10487.dat	upx
behavioral2/files/0x00010000000215b5-10486.dat	upx
behavioral2/files/0x00010000000215b5-10485.dat	upx
behavioral2/files/0x0001000000021a20-10483.dat	upx
behavioral2/memory/1752-13423-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\BackupInvoke.midi	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\readme.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\wab32.dll.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	4b9c6ac70c1185d2e56ee1ef54e78248.exe

C:\Users\Admin\AppData\Local\Temp\4b9c6ac70c1185d2e56ee1ef54e78248.exe
"C:\Users\Admin\AppData\Local\Temp\4b9c6ac70c1185d2e56ee1ef54e78248.exe"
1⤵
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
4KB

MD5
31c82ba0413069a944640c7d95b59384

SHA1
390646dc1935227a3e0b52c6077618dea869e75e

SHA256
639b4ca091f86c4d9ec14da6eb7253302b46dde5e0a28fc3715610067b7bcd4c

SHA512
e453fefe7cdff8faab5ed6b4b19457be29602790eff0818406ceaf412ed5f790bee167e9c6f9dc5ed93f66bf3742f6b15d1e533a76219947d65307b47946ebdd

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
20KB

MD5
e12a573976030cd09ec3106c8fb1f818

SHA1
5d54f68f5dd5e64e349c4af1806c8607ae10c411

SHA256
4424b6177daa2be579fc3b292312fce906b9a3333cd95830b516d0e8c9a7a5e5

SHA512
d93d5d68ec15b22c9f2151b98627421ed09c3d9cb0cd40db5f8c05aa587b31694625a3cab846c173ee5505ee8681548a3fa7bffe3c5f2371248c6442e2a27d3b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
1KB

MD5
b2137d95f05ce3a88174d28d7502383f

SHA1
4d8bf0ba77a6828d0a951949cc7aa2540d616900

SHA256
69125a5ff0fd84f7cf40ff20f1be93b08032de5df50a7334e39a60c481cb6948

SHA512
4d1562f7f65d4fd6e28bb2747fc1bac7f0d7b1055f495ee4010ec23ab422d6acdac3fc2f3220d4e0742a90950959a12c0e3f026c2b937ddf089f372b6152cd81

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
24KB

MD5
e010de3f299689c6bd58a849a26e6c26

SHA1
a73a13f2b98c3dd729fda7f5bf87c8dcb8138d9e

SHA256
42ceb2563c9a75a0febcb778b0c2d6702320bed866e14b9181dc38eb71ebd13c

SHA512
19a0cf063f1dc175fca1a52b532fcb39e442d478d68f0e5ebdc8773a204750eb42786169c11873bd7b6865f57fca15890cbe57f736aace5d033dc90d47a2f272

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
30KB

MD5
23075ee72bcf264110c1b7a00359847c

SHA1
9150fe5588ebfdab088a64d454d853d2e84fef3b

SHA256
c02d802209bdbbd9399754352730fb86ae702b45af9fb89838bc200caad59de5

SHA512
e4b1c4e68caa3d0ae1f92ea8d751c4717a89c65397c492631f252f64610067c640c72db590f143018571f7cc3685a2d0e7a10997cdcd6559f715914bc4eb2b8c

Download Submit
memory/1752-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1752-4567-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1752-13423-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads