1113e6d7ccdfc6b98aa0257073f90d713a129e0ffdee0de5ef35daa12d64cd77

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52973686becef51d18042af00d558223.exe
Size

1.8MB
MD5

52973686becef51d18042af00d558223
SHA1

e1b80e8396faeb5a8c807cba57a8fa13abeab5c3
SHA256

1113e6d7ccdfc6b98aa0257073f90d713a129e0ffdee0de5ef35daa12d64cd77
SHA512

8202b420c76ca8a30143e07f53ad46ee4a93d470d5d6de0eceea849909735238eebe268d58bd3851ed116270095c3696e00a9f3a393874398559307fba03f6ad
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqY:SCqm2Jpr0nNM7Dus7Nxd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1212-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00090000000139d6-5.dat	upx
behavioral1/memory/1212-3324-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1212-9171-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	52973686becef51d18042af00d558223.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\settings.css	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\gadget.xml	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Defender\MpEvMsg.dll.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.exe	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\library.js	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.exe	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.exe	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Montevideo	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\RSSFeeds.js	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\ConfirmRedo.clr.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.exe	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\weather.css.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.exe	52973686becef51d18042af00d558223.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	52973686becef51d18042af00d558223.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT	52973686becef51d18042af00d558223.exe

C:\Users\Admin\AppData\Local\Temp\52973686becef51d18042af00d558223.exe
"C:\Users\Admin\AppData\Local\Temp\52973686becef51d18042af00d558223.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
9d4a09325b671670c579ba5952c7b9aa

SHA1
61c266158ae6af32bd3f60a59c26a88f1e7cb8e8

SHA256
f309ef2cba137f40830e776d7b62289b44109bbcbf5d902fe8c18a4791f4407e

SHA512
3ce3af42fb5b299032b243b62619a9d766c599a22cbf7efc564416d8445030f4ce88570f84d9514efc24327483b3173fd07b14a162df364b8d1e5d482de80fad

Download Submit
memory/1212-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1212-3324-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1212-9171-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads