05fa96a7bd95098154c88cbbf8f90ca339139600e5426e3bd9540cd422b9fcba

Analysis

max time kernel
5s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5218dfcbd880a0fd340e50b59dcb4dc3.exe
Size

1.8MB
MD5

5218dfcbd880a0fd340e50b59dcb4dc3
SHA1

50e17e9677b6c8c181300de6b0ce803c0ab4814c
SHA256

05fa96a7bd95098154c88cbbf8f90ca339139600e5426e3bd9540cd422b9fcba
SHA512

2f70c9c694d2427226c8eb45d1b426068bc1e4db350fe9730432add44bd9e86acff5b47c709f59b3497cce31a1830e307ef6877606ed8cfdfb3f05f8e9ac2040
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqE:SCqm2Jpr0nNM7Dus7NxN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2444-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2444-4149-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\wab32res.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\wab32.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.exe	5218dfcbd880a0fd340e50b59dcb4dc3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll	5218dfcbd880a0fd340e50b59dcb4dc3.exe

C:\Users\Admin\AppData\Local\Temp\5218dfcbd880a0fd340e50b59dcb4dc3.exe
"C:\Users\Admin\AppData\Local\Temp\5218dfcbd880a0fd340e50b59dcb4dc3.exe"
1⤵
- Drops file in Program Files directory
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2444-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2444-4149-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2444-11147-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads