084f493d5dc9899551937116ae2c41528870b14d320285ce6c119a21bbaca8ab

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64c4a66acdb02415e481a4865b59a72e.exe
Size

1.8MB
MD5

64c4a66acdb02415e481a4865b59a72e
SHA1

1cef7a5685a4c9fc7393bf3d6d01fedd1e2afb15
SHA256

084f493d5dc9899551937116ae2c41528870b14d320285ce6c119a21bbaca8ab
SHA512

9410a5ee3d533651b449246615e8bcb6b5e501b8390317123dc3fe35599a1cac789d2e3cc6be1ec1b559548b2a532c240df1f1e6307dc396d2cc1946297e01aa
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHr:SCqm2Jpr0nNM7Dus7Nx2L

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2848-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00090000000143ec-5.dat	upx
behavioral1/memory/2848-3340-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2848-9185-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Perth	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayenne	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.exe	64c4a66acdb02415e481a4865b59a72e.exe

C:\Users\Admin\AppData\Local\Temp\64c4a66acdb02415e481a4865b59a72e.exe
"C:\Users\Admin\AppData\Local\Temp\64c4a66acdb02415e481a4865b59a72e.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
1022a4e87dfc4d01bc3d5f54f7553cb4

SHA1
7ddaa0ea2e9d1d611e54b291c430d19fbcbb75ea

SHA256
5a0ef5d54c3cb5cfb2abc29fb918a58f9bc12309a185d6995e5c2ebd6be29229

SHA512
27dbfa9607e584d9aadba29d53b035d126687ab45570a8249ed174e0de446249217e11b5dff07f66d57531c0c4ba5b1d1ab7d4df05eba5bd05688afda549e0cf

Download Submit
memory/2848-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2848-3340-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2848-9185-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads