Analysis
max time kernel: 117s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 15-01-2024 00:49
Behavioral task behavioral1
  Sample: 5bb18f24dd5b94944c340c826bd90d25.exe
  Resource: win7-20231129-en
Behavioral task behavioral2
  Sample: 5bb18f24dd5b94944c340c826bd90d25.exe
  Resource: win10v2004-20231215-en
General
Target: 5bb18f24dd5b94944c340c826bd90d25.exe
Size: 1.8MB
MD5: 5bb18f24dd5b94944c340c826bd90d25
SHA1: ca9e40328da1fd8e2bf6b02b968f438a09d6c761
SHA256: 36813b5da391348dd2c917ce89ea1e754cc84f4834781114ccd7bde35feddda7
SHA512: ac1b79e6d914d00142edb9bcd6ff98f23e4861ad860f6eebbe6d747201a8d3df8f72b2901db85cf4a01cc65bedcbc0bff3268fd6209f31ba6507d8c75e0b99e3
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHb:SCqm2Jpr0nNM7Dus7Nx27
Malware Config
Signatures
yara_rule upx matched on the following resources
resource | yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral1/files/0x000a0000000155f7-5.dat | upx
behavioral1/memory/2368-2337-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral1/memory/2368-9210-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
Drops desktop.ini file(s) (9 IoCs)
process (all rows): 5bb18f24dd5b94944c340c826bd90d25.exe
description | ioc
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini
File created | C:\Program Files\Microsoft Games\FreeCell\desktop.ini
File created | C:\Program Files\desktop.ini
File created | C:\Program Files\Microsoft Games\Chess\desktop.ini
File created | C:\Program Files\Microsoft Games\Hearts\desktop.ini
File created | C:\Program Files\Microsoft Games\Mahjong\desktop.ini
File created | C:\Program Files\Microsoft Games\Purble Place\desktop.ini
File created | C:\Program Files\Microsoft Games\Solitaire\desktop.ini
File created | C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini
Drops file in Program Files directory (64 IoCs)
process (all rows): 5bb18f24dd5b94944c340c826bd90d25.exe
description | ioc
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.exe
File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui
File created | C:\Program Files\7-Zip\Lang\ext.txt.exe
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui
File created | C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml
File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png
File created | C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.exe
File created | C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.exe
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.exe
File created | C:\Program Files\Common Files\System\wab32.dll
File created | C:\Program Files\Java\jre7\lib\zi\America\Halifax.exe
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo
File created | C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.exe
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.exe
File created | C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui.exe
File created | C:\Program Files\DebugMove.xls.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.exe
File created | C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini
File created | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.exe
File created | C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll
File created | C:\Program Files\UpdateInvoke.ocx.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar
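The yara table and the 64-row file table above are raw sandbox output: a `upx` hit on three memory dumps of PID 2368 at 0x400000-0x5BA000, and a long list of created paths in which many names are an existing file name with `.exe` appended (`ext.txt.exe`, `Title_Page_PAL.wmv.exe`, `vlc-cache-gen.exe.exe`). The Python below is an added example, not part of the report or of any sandbox's own code: it splits the run-together "description ioc process" rows into records, flags the appended-`.exe` creations, and reads a memory-dump resource name into PID, base and size so the dumped region can be compared with the 1.8MB sample. The row grammar, the extension list and the helper names are this example's assumptions; the sample rows are copied from the report.

```python
"""Helpers for reading a flattened sandbox report (added example, not the report's own code)."""
import re
from collections import Counter

# The process column is the same for every row of both file tables above.
PROCESS = "5bb18f24dd5b94944c340c826bd90d25.exe"

# Constructed excerpt: seven rows copied from the report's table, in the
# "description ioc process" order the page shows, joined into one string.
IOC_ROWS = [
    "File created C:\\Program Files\\7-Zip\\Lang\\ext.txt.exe",
    "File opened for modification C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.exe",
    "File created C:\\Program Files\\Java\\jre7\\lib\\zi\\America\\Halifax.exe",
    "File created C:\\Program Files\\VideoLAN\\VLC\\vlc-cache-gen.exe.exe",
    "File created C:\\Program Files\\Common Files\\System\\wab32.dll",
    "File created C:\\Program Files\\DebugMove.xls.exe",
    "File opened for modification C:\\Program Files\\Google\\Chrome\\Application\\106.0.5249.119\\Locales\\bg.pak",
]
IOC_TEXT = " ".join(row + " " + PROCESS for row in IOC_ROWS)

# Assumed row grammar: an action keyword, the path, then the process name.
ROW_RE = re.compile(r"^(File created|File opened for modification)\s+(.+)$")

# Assumed list of original extensions worth checking for an appended ".exe".
# A zoneinfo file such as "Halifax" has no extension, so "Halifax.exe" is not
# caught by this rule; that is a known gap, not a bug in the report.
KNOWN_EXTENSIONS = {"txt", "dll", "mui", "jar", "png", "wmv", "xml", "jpg",
                    "html", "ocx", "xls", "luac", "exe", "css", "js", "mo"}

# Assumed resource-name grammar: "<pid>-<seq>-0x<start>-0x<end>-memory.dmp".
DUMP_RE = re.compile(r"(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")


def parse_iocs(text, process=PROCESS):
    """Split the flattened table into (action, path) tuples, using the constant process name as the row delimiter."""
    rows = []
    for chunk in re.split(r"\s*" + re.escape(process) + r"\s*", text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ROW_RE.match(chunk)
        if not m:
            raise ValueError(f"unrecognised row: {chunk!r}")
        rows.append((m.group(1), m.group(2)))
    return rows


def appended_exe(path):
    """True when the file name looks like '<name>.<known ext>.exe', i.e. an existing name with .exe appended."""
    name = path.rsplit("\\", 1)[-1].lower()
    parts = name.split(".")
    return len(parts) >= 3 and parts[-1] == "exe" and parts[-2] in KNOWN_EXTENSIONS


def summarize(rows):
    """Count actions and list the created files that carry an appended .exe."""
    counts = Counter(action for action, _ in rows)
    flagged = [path for action, path in rows if action == "File created" and appended_exe(path)]
    return {"created": counts["File created"],
            "modified": counts["File opened for modification"],
            "appended_exe": flagged}


def parse_dump_name(resource):
    """Turn a memory-dump resource name into {'pid', 'base', 'size'} (size in bytes)."""
    m = DUMP_RE.search(resource)
    if not m:
        raise ValueError(f"not a memory dump resource: {resource!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "base": start, "size": end - start}


if __name__ == "__main__":
    report = summarize(parse_iocs(IOC_TEXT))
    print(f"created={report['created']} modified={report['modified']}")
    for path in report["appended_exe"]:
        print("appended .exe:", path)
    dump = parse_dump_name("behavioral1/memory/2368-0-0x0000000000400000-0x00000000005BA000-memory.dmp")
    print(f"pid={dump['pid']} base=0x{dump['base']:X} size={dump['size']} bytes")
```

The region 0x400000-0x5BA000 is 1810432 bytes, which lines up with the 1.8MB size in the General section, so the dumps the yara rule matched cover the whole mapped image rather than a small unpacked stub; that is the kind of consistency check worth making before trusting a packer signature on a memory dump.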
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 809KB
MD5: ee112f9b0478d85b9a9010c8f2996d3d
SHA1: 393095b80f47f214f8a3d879a1c03db1731c089d
SHA256: 41828a71c464a6a1787fb1fa8651596599dfbca57c997c8d7152c2bb432ff40e
SHA512: 46ebd9af08323ff925128a33bbe478ec0d358a6aede2567479f137ec608129b239ed0a257d03d917969115fb50a1ed10893bda0faeea93788d998866afc71665