770e3770f7c11e163f98bd2508993e3c98a60a4aa11641073740593407f41d3c

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

512d36fd9319e32c04aac20ec70808df.exe
Size

1.8MB
MD5

512d36fd9319e32c04aac20ec70808df
SHA1

fc41f3ccea4744140621aa18f84015b8b392361f
SHA256

770e3770f7c11e163f98bd2508993e3c98a60a4aa11641073740593407f41d3c
SHA512

4b1a5656545fb0ce7cd3787ae97f1610a83d30ddb511ba72039dd66b2a2551229dbb9b74e5bd24294842f1ea566fd9179dc9233b4fcef49d925d3b915b30fb37
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqM:SCqm2Jpr0nNM7Dus7Nx5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003400000001444d-5.dat	upx
behavioral1/memory/2460-2828-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2460-9218-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jre7\lib\charsets.jar	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jre7\bin\orbd.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jre7\bin\wsdetect.dll	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ssv.dll	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.exe	512d36fd9319e32c04aac20ec70808df.exe

C:\Users\Admin\AppData\Local\Temp\512d36fd9319e32c04aac20ec70808df.exe
"C:\Users\Admin\AppData\Local\Temp\512d36fd9319e32c04aac20ec70808df.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
394KB

MD5
d78c5d6b09b7d20c2b3c787eb879428a

SHA1
89893ce0c8ed508b2033e0c1e3f6f6b303ce3186

SHA256
7718d8d1f62a15f0c0f9450f5b6730386798fed9c08b76ef8ee4426d40f9bd1b

SHA512
8172badee3a5fd98982b3866b8b582dc352419a4203d95430b1877667eb872e7b171fe13c391efa26fd17b147c84a1e26bf4b876fbf0bbe4ae43c88a7015ee30

Download Submit
memory/2460-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2460-2828-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2460-9218-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads