e3c6c35aa4513a17c0572620a1a354cda7ee7d774ca3a32f3e8bb363bfabd79c

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 04:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a48d86fe8858f1b6b3d2652c047ceb9.exe
Size

1.8MB
MD5

5a48d86fe8858f1b6b3d2652c047ceb9
SHA1

274e1112a4059d989d50a00a53a9a1646ee74c32
SHA256

e3c6c35aa4513a17c0572620a1a354cda7ee7d774ca3a32f3e8bb363bfabd79c
SHA512

96e76ace0208ce522c1b4b90f8993255e717ccc3c77ea4790a8dfb69658000955d9435f7cffacf2e799bbccd5fa1f7c6aa3e460d0eea20271b9d824e67199079
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqW:SCqm2Jpr0nNM7Dus7NxT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4176-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/4176-447-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\deployment.config	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\rt.jar	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.exe	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	5a48d86fe8858f1b6b3d2652c047ceb9.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	5a48d86fe8858f1b6b3d2652c047ceb9.exe

C:\Users\Admin\AppData\Local\Temp\5a48d86fe8858f1b6b3d2652c047ceb9.exe
"C:\Users\Admin\AppData\Local\Temp\5a48d86fe8858f1b6b3d2652c047ceb9.exe"
1⤵
- Drops file in Program Files directory
PID:4176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.6MB

MD5
fd5c3426ffa3801bf616e9d8b946e67c

SHA1
82e8884464b54cbd37175578beb870d6acb0cc7d

SHA256
8de844f0bdf83f90a74cede9b29136d7d7c0a22f2543fe8e168453e8449ec132

SHA512
90d702f50a05493f0af06b0c0cb7b3c02bd4dd0e507a145fe21144608cc5067f97dfe646e74698d5055fe55277fb9be45e8eef922f6c8016d6b0e9dcf5f09683

Download Submit
memory/4176-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4176-447-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads