Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/01/2024, 08:15
Behavioral task behavioral1: Sample 5abf0421ad0cbad07d8fe130f84b0d5d.exe, Resource win7-20231215-en
Behavioral task behavioral2: Sample 5abf0421ad0cbad07d8fe130f84b0d5d.exe, Resource win10v2004-20231222-en
General
Target: 5abf0421ad0cbad07d8fe130f84b0d5d.exe
Size: 2.8MB
MD5: 5abf0421ad0cbad07d8fe130f84b0d5d
SHA1: 30e9eb6b0761e98b79b450d846afc73e7e94ebca
SHA256: e8e2a07df7f60c109bf42b064fbe27ea42ec419b80df3612fe175ff9774138b9
SHA512: d005c13d7ffcc4debb4337b00f372c92af51be6c9ce0aac5500c49dbd7b26beeb3f59ab0a9f6d685c08f5a6ebf64296f98931ff5dcfb0ddfeec443242bdf4fd8
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91T5:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nZ
Malware Config
Signatures
-
Loads dropped DLL 6 IoCs
Drops desktop.ini file(s) 1 IoCs
File opened for modification: C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI (process: 5abf0421ad0cbad07d8fe130f84b0d5d.exe)
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads