d0681ce0ce1b200da11c542c7ffed8b2eb3839a20ea017da57b8515869e00599

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

599b52c8b0de3f7cc3184aae5901eb78.exe
Size

1.8MB
MD5

599b52c8b0de3f7cc3184aae5901eb78
SHA1

cb5faf992a7f468c1344e9b55584d62ddb2d01f0
SHA256

d0681ce0ce1b200da11c542c7ffed8b2eb3839a20ea017da57b8515869e00599
SHA512

7856c75d043899e77fde2b448774a13c16d11a63db3ed0906511f1637ead119e893b897aa10b76b051b9b75d3b88c9119b7602dce01cd1be23724c25db38b996
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHT:SCqm2Jpr0nNM7Dus7Nx2z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/764-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227a8-5.dat	upx
behavioral2/memory/764-1267-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	599b52c8b0de3f7cc3184aae5901eb78.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.security.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-pl.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.exe	599b52c8b0de3f7cc3184aae5901eb78.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.exe	599b52c8b0de3f7cc3184aae5901eb78.exe

C:\Users\Admin\AppData\Local\Temp\599b52c8b0de3f7cc3184aae5901eb78.exe
"C:\Users\Admin\AppData\Local\Temp\599b52c8b0de3f7cc3184aae5901eb78.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
545dfd19259b5112d8cba3971bdb134a

SHA1
c5009a1f5fcb5dda468411dd535f5452dff8ae1d

SHA256
c7e87f1646b40e1859122b688917b17ce1a2485e7076a53416de792dd506d29a

SHA512
32aa0b1e0ee0c710d0aff564b996564db07110daf2fada3b765616dbf13333c04e0bf63ef798ce6b341ad870c8cbbfec943cbb40e1bd577e94d388d08171c27a

Download Submit
memory/764-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/764-1267-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads