726df6380404de539326543190bfaa0d7f88a7d9723ab5ebb502013ced96526e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 04:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

527f092f6b8ef1dc5f0a094cd746aef5.exe
Size

1.8MB
MD5

527f092f6b8ef1dc5f0a094cd746aef5
SHA1

0893270458992b5f999006016a4668959b447bb9
SHA256

726df6380404de539326543190bfaa0d7f88a7d9723ab5ebb502013ced96526e
SHA512

52f499bcd75203f0561305dacb8462427a071eed0612ba99578032fb63e0693a848f0a756aec977a69c9bb0477f4bb011e5198d1ddef63d478cccce4f4c84007
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqK:SCqm2Jpr0nNM7Dus7Nx3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00090000000143ec-5.dat	upx
behavioral1/memory/2200-2971-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2200-9210-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	527f092f6b8ef1dc5f0a094cd746aef5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\settings.js.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jre7\lib\content-types.properties	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.exe	527f092f6b8ef1dc5f0a094cd746aef5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar	527f092f6b8ef1dc5f0a094cd746aef5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	527f092f6b8ef1dc5f0a094cd746aef5.exe

C:\Users\Admin\AppData\Local\Temp\527f092f6b8ef1dc5f0a094cd746aef5.exe
"C:\Users\Admin\AppData\Local\Temp\527f092f6b8ef1dc5f0a094cd746aef5.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1024KB

MD5
6f3c31a880db3e9e35945c17aaae34d8

SHA1
cf09444cc59521ad1cca8632581dcad9977d96a8

SHA256
1cbdb1a76150f6b3bd910bd6e17a5dbd40ef31427d64e87231b5e4ea73dffafb

SHA512
db07930d9ff7688e01ec30b3849c24d60245b8fe68f6b40d7fa9d2629a72e86fe4d862c28a5840815af6373cdc1fbacc7202e62a91aa35da73582b324aca6e4d

Download Submit
memory/2200-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2200-2971-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2200-9210-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads