2208de9b71e681fd8d80821efe17cdd886703c4749ca501a4582b6caa76abba6

Analysis

max time kernel
151s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6432d30a415f20a0c343dd72ff0eb3dc.exe
Size

1.8MB
MD5

6432d30a415f20a0c343dd72ff0eb3dc
SHA1

92afda4858c420372241ad0474e51457d78fa6cc
SHA256

2208de9b71e681fd8d80821efe17cdd886703c4749ca501a4582b6caa76abba6
SHA512

0333c2fdcbe4b9bfbef2ad039ec450d790513e23a3d2a08771d6fd0951d7b925ac4aacf56ed4c28cdeea8985985e7051107645e857735aa3968ba373e4c05b2e
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqr:SCqm2Jpr0nNM7Dus7Nxe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4484-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/4484-773-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	6432d30a415f20a0c343dd72ff0eb3dc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	6432d30a415f20a0c343dd72ff0eb3dc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll	6432d30a415f20a0c343dd72ff0eb3dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.exe	6432d30a415f20a0c343dd72ff0eb3dc.exe

C:\Users\Admin\AppData\Local\Temp\6432d30a415f20a0c343dd72ff0eb3dc.exe
"C:\Users\Admin\AppData\Local\Temp\6432d30a415f20a0c343dd72ff0eb3dc.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
45ae5293960b8db41faa83da7b2747fd

SHA1
c6fec5f12380d96df7370bb0b12d8317f6b39724

SHA256
a916aa2eab17628b915fcc854c08ce2043e95f2b4a8e26673d9c5dfabdf00ea9

SHA512
679b7dc65a10888a67f67d7bccd98f2c02bc97510eecfd03083c1f9d30e212cac065f6a7c1ff3aaaefb9388c076407d9be4109e9404b1800b3c70fd41649ffcb

Download Submit
memory/4484-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4484-773-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads