770e3770f7c11e163f98bd2508993e3c98a60a4aa11641073740593407f41d3c

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

512d36fd9319e32c04aac20ec70808df.exe
Size

1.8MB
MD5

512d36fd9319e32c04aac20ec70808df
SHA1

fc41f3ccea4744140621aa18f84015b8b392361f
SHA256

770e3770f7c11e163f98bd2508993e3c98a60a4aa11641073740593407f41d3c
SHA512

4b1a5656545fb0ce7cd3787ae97f1610a83d30ddb511ba72039dd66b2a2551229dbb9b74e5bd24294842f1ea566fd9179dc9233b4fcef49d925d3b915b30fb37
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqM:SCqm2Jpr0nNM7Dus7Nx5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1532-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/1532-6203-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1532-13405-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\desktop.ini	512d36fd9319e32c04aac20ec70808df.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\Unipulator.mp4.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-125.png	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\PREVIEW.GIF	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-30_altform-unplated_contrast-black.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-250.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.scale-125.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_32x32x32.png	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Threading.AccessControl.dll	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-125_contrast-white.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40_contrast-white.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Xbox.Foundation.Media.winmd.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlCone.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-200.png	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\splashscreen.scale-100.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLogo.scale-100.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Microsoft.WebMediaExtensions.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xeccf.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\RemoveConvert.xht.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\AppxManifest.xml	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleLargeTile.scale-125.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1497073144-2389943819-3385106915-1000-MergedResources-0.pri.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Common.dll.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileWide.scale-200.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosStoreLogo.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\MedTile.scale-125.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-60_altform-unplated.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\MedTile.scale-125.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\PackageManagementDscUtilities.strings.psd1.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-150.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp9.scale-125.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_scale-100.png	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-400.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeLargeTile.scale-200.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\TentMobile_24x20.png.exe	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	512d36fd9319e32c04aac20ec70808df.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\PREVIEW.GIF	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui	512d36fd9319e32c04aac20ec70808df.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\IrisProtocol.dll	512d36fd9319e32c04aac20ec70808df.exe

C:\Users\Admin\AppData\Local\Temp\512d36fd9319e32c04aac20ec70808df.exe
"C:\Users\Admin\AppData\Local\Temp\512d36fd9319e32c04aac20ec70808df.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
929KB

MD5
9affe27884386a2b7313b90ab9f1f2cc

SHA1
d818bc9b365d436a7675189160460769a941d7ea

SHA256
a416d45e8d4572ed29577fd78e1e858d8d58eac626d36f28c9c2ac44982a1b50

SHA512
cae0b8ab6551dbdf3fb3180380d83aba817edc4f54ecb0b36ed22ced15a991a800476beed39089cd39460351ebb411d16f9988b98222793c0f8664b9f15a5f8b

Download Submit
memory/1532-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1532-6203-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1532-13405-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads