cc93da712fb871e5a4c5106ff5d688fdabf42297c33b2dde9ae54e29377702fd

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

556cb598aa380e099fb94938acb70f02.exe
Size

2.8MB
MD5

556cb598aa380e099fb94938acb70f02
SHA1

7b049994eb98e2df1d30e447d259b58c8d8952dd
SHA256

cc93da712fb871e5a4c5106ff5d688fdabf42297c33b2dde9ae54e29377702fd
SHA512

7bd861ef5d2de73e20274df716faa89f2b3c6fda5e0e1ea4ac7fa8eadc06011118a8eb91e4fd07f889362ec7468b48fe332cd69617af452a6288805a2b361b59
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91K:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4024-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/4024-4594-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4024-8753-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\desktop.ini	556cb598aa380e099fb94938acb70f02.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.exe	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows-native.dll	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notificationsUI\notificationCenter.html.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-200.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-400.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Rainbow.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-125.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Describe.ps1	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.exe	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.exe	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLL	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxManifest.xml.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-125.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-125.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-96_altform-unplated.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\FHubMDL2.ttf	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Oart.dll.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\officons.ttf.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\dotnet\dotnet.exe.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreRating\StoreRatingRules.xml	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-336.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-40.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-20_altform-unplated.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\SetupTeardown.Tests.ps1	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\FM20ENU.DLL	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_9.m4a.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\LargeTile.scale-125.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-32.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\KnownGameListRS3.bin	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-200.png	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-white.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSmallTile.scale-100.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.exe	556cb598aa380e099fb94938acb70f02.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-24.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldBe.snippets.ps1xml.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\VMRCaptureConfig.json	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48.png.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Button_Click_Sound.wav	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.exe	556cb598aa380e099fb94938acb70f02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.exe	556cb598aa380e099fb94938acb70f02.exe

C:\Users\Admin\AppData\Local\Temp\556cb598aa380e099fb94938acb70f02.exe
"C:\Users\Admin\AppData\Local\Temp\556cb598aa380e099fb94938acb70f02.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.1MB

MD5
e6ccc7a6c14f52c2af1db941095d1dc6

SHA1
538b3ea5b76e5816b003ade02adc699afdc6feaf

SHA256
122c9599e0ba4700607103cbd3acf98a000978c188acdef538d4062077fa1227

SHA512
8bcdf8ea026eb026313ef41ecb9716e353b25cb0894bc837d2ad051638a24be914db1175a2bc1d37ed403e14a680b2c34ea43eea6259b1d66530c2918c9f39ac

Download Submit
memory/4024-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4024-4594-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4024-8753-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads