c254969c97e1dd1059a1ff4c961f6d05d36036bd68c256f84d2268336224656e

Analysis

max time kernel
151s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54e2a731c4027ed9e1d74750b208f431.exe
Size

2.8MB
MD5

54e2a731c4027ed9e1d74750b208f431
SHA1

8be054d8eb7925696ccdf205c334b6b85dbb336f
SHA256

c254969c97e1dd1059a1ff4c961f6d05d36036bd68c256f84d2268336224656e
SHA512

d5ba68cb5cf8c97f7494e159e410a03a83317aed4601acc0fe755e8026d91812d42cb8eb398e0dadb1462ad33638a3edfe558cbae3e3f1fedb84f5d37a7da975
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91g:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1264-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/1264-914-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\deploy.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\descript.ion.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\orb.idl	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\net.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy.jar	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.exe	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml	54e2a731c4027ed9e1d74750b208f431.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.exe	54e2a731c4027ed9e1d74750b208f431.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.exe	54e2a731c4027ed9e1d74750b208f431.exe

C:\Users\Admin\AppData\Local\Temp\54e2a731c4027ed9e1d74750b208f431.exe
"C:\Users\Admin\AppData\Local\Temp\54e2a731c4027ed9e1d74750b208f431.exe"
1⤵
- Drops file in Program Files directory
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
f998d5b5fd2906946b1a52823429b2c2

SHA1
88600559e8f31ce2b5f2ae612542e2b396b52ff6

SHA256
fad4cf106c15a712889a2dd82fc8c486dbc61718455a7b55dbdbe8bc8b02cb77

SHA512
2e474e2c5ea4bf5d1def272292b9d74ea4f03380459f744dd5d7e44c7b24847c90d64f7a873e1257a05ba00c1ee71d7d71b0857e72d377329f408b6ef16acc16

Download Submit
memory/1264-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1264-914-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads