00e6f8967f0d6966207f643dfec38be7460d41702f3830e24b8622baad14d3e3

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 16:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65751dc9f23d84309b01e776a445d61a.exe
Size

2.8MB
MD5

65751dc9f23d84309b01e776a445d61a
SHA1

5b38e244a142f767b885edd588f7d397ffc59c38
SHA256

00e6f8967f0d6966207f643dfec38be7460d41702f3830e24b8622baad14d3e3
SHA512

a582519586a3361d29df2600ab53f3f6c38dd8e63de66a8ea66ed7165115de5685aefb7bdf2c877d60792b7a71e14229303e567eccc8b261f25af8594e54e98f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91H:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nL

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3520	Process not Found
3520	Process not Found
3520	Process not Found

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3264-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/3264-4194-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3264-8719-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021974-8720.dat	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	65751dc9f23d84309b01e776a445d61a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Wide310x150\PaintWideTile.scale-150.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-200.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.5f513be2.pri.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\Microsoft.VisualBasic.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_altform-unplated_contrast-high.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-100.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-16.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_scale-125.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7ca.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-200_contrast-white.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-400.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-100.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Principal.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.ELM.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-16_altform-unplated.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\eml.scale-256.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\LICENSE.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Light.scale-150.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-150.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebClient.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-400_contrast-white.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\MissingAlbumArt.jpg.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-300.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ta-IN\View3d\3DViewerProductDescription-universal.xml.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\microsoft-logo-white.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-100.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_contrast-black.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-black\OfflineError.svg.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jli.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-unplated.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleSmallTile.scale-125.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_HotelReservation.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.scale-200.png	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16_contrast-white.png.exe	65751dc9f23d84309b01e776a445d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-fullcolor.png.exe	65751dc9f23d84309b01e776a445d61a.exe

C:\Users\Admin\AppData\Local\Temp\65751dc9f23d84309b01e776a445d61a.exe
"C:\Users\Admin\AppData\Local\Temp\65751dc9f23d84309b01e776a445d61a.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.0MB

MD5
bd00862dc1b625240cd6c82a7b81fe71

SHA1
900109601201b3479380e8fa8f8233c80c3685a5

SHA256
e8af42007e6a9c57ec0da64476905e96a36959f743c10f44028435b4b2a1fa87

SHA512
918342519ce5f059b22c9387bab5c081541022796a0212e62297a144c3ea7351d8c4437f636b5553863995e0d647d7853ef78f416a6a756909e9a0ca6244bf18

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.8MB

MD5
2dd6debd813200b445ba62fbead28bd4

SHA1
6df368fc537b05c6faff9682b63ab5329ce6c684

SHA256
cfffbb0db72191c61bc038db4dbb0c2b878b9bb461ca7142be7655efd2d3266f

SHA512
7aa4d6a82cf286a69fbd6bdacb1531c7f9cb5a623f85f323ff41365bfe88073e4d2379d0883fd33a7e76a3a2d61e311eaa5f1bfe80f5027267fae1166dbaa8a6

Download Submit
memory/3264-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3264-4194-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3264-8719-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download