a823db4950acd0b4aecf87ffb3f0e57959f37b382d22528c998ae4d7fdbac208

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5334ae3f49998609eb308e93e485a8a7.exe
Size

1.8MB
MD5

5334ae3f49998609eb308e93e485a8a7
SHA1

cc862eee8ff77d0b8bcab866d87ac07fe6056b5c
SHA256

a823db4950acd0b4aecf87ffb3f0e57959f37b382d22528c998ae4d7fdbac208
SHA512

9ca3c302cce8f710c20707507a16e76fa2677e979276284cacc521564124e0a204f8216fcea40e3a3396354d5d35d064b3716d3a7e606b35dba3b1a59cf5582c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqVA:SCqm2Jpr0nNM7Dus7Nx3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003500000001484b-5.dat	upx
behavioral1/memory/2496-3818-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2496-9216-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	5334ae3f49998609eb308e93e485a8a7.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\CompressHide.avi	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Mozilla Firefox\platform.ini	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.ini	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.exe	5334ae3f49998609eb308e93e485a8a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.exe	5334ae3f49998609eb308e93e485a8a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar	5334ae3f49998609eb308e93e485a8a7.exe

C:\Users\Admin\AppData\Local\Temp\5334ae3f49998609eb308e93e485a8a7.exe
"C:\Users\Admin\AppData\Local\Temp\5334ae3f49998609eb308e93e485a8a7.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
292KB

MD5
3dbd96f24c0db06744c8f39dd141fb4f

SHA1
33d83f6edd4f319ac8cccbd849bd431c890b0540

SHA256
058f2706aa1c44be52c6641f7c1afded8e987c88c79f896d6671182568aa0c0c

SHA512
8a221e9f5867b1b67b4dec95f131f719ed6baf680da917f57a7e7aee1124907ef458e4c68b6be709ab1bf83f2193b89415bb983401ed5c63b00d21ec14415461

Download Submit
memory/2496-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2496-3818-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2496-9216-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads