f187f3db9df29dc2555c897887e6077ca686a0cc2e263f643b13dd5596f0be5e

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fd74e7e3c577b2533929b20769597db.exe
Size

1.8MB
MD5

4fd74e7e3c577b2533929b20769597db
SHA1

bc3a8738f0abb67f10fdffc3c4f9c3f34bd484e1
SHA256

f187f3db9df29dc2555c897887e6077ca686a0cc2e263f643b13dd5596f0be5e
SHA512

838f8a5d4319dd99fe4532c907d8964473948fcf5cf7e7446af63cfe461f10ad7c603e2e5ec379febc34f3b01d2d0e774bdce59e02ed380532db480ef493a8e4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHI:SCqm2Jpr0nNM7Dus7Nx2o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000014a5b-5.dat	upx
behavioral1/memory/2220-2-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2220-2687-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2220-9219-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	4fd74e7e3c577b2533929b20769597db.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Asuncion	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\7-Zip\7zFM.exe.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.exe	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	4fd74e7e3c577b2533929b20769597db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.exe	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar	4fd74e7e3c577b2533929b20769597db.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Montreal	4fd74e7e3c577b2533929b20769597db.exe

C:\Users\Admin\AppData\Local\Temp\4fd74e7e3c577b2533929b20769597db.exe
"C:\Users\Admin\AppData\Local\Temp\4fd74e7e3c577b2533929b20769597db.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
74KB

MD5
825c9a4cbcff81287833bf3a861c3d88

SHA1
264855aee0c233b6054b4a7333f32baa8c2224d8

SHA256
272bac1ddac76bc86478296b2ac3b834ca2a64f992b527edf467792dd662e614

SHA512
5bac375b5a9a19b3ae82035923869b2ea9557a2370206238ca2eb6497c9bafe253e05a706eab69efdcbbe8050e48cf66550f55b8c849e7f0e58c8f9fd155f939

Download Submit
memory/2220-2-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2220-2687-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2220-9219-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads