8cec60d7590e6d95276d48d06dd5503810a2327f0f199d57144243188b93d87e

Analysis

max time kernel
146s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

680a98079e6df68cec449855c7c96238.exe
Size

1.8MB
MD5

680a98079e6df68cec449855c7c96238
SHA1

2e4b9acfd165ffbdb26cf1e40695fc27e8c6239b
SHA256

8cec60d7590e6d95276d48d06dd5503810a2327f0f199d57144243188b93d87e
SHA512

1d50abb8cf1797434d58a867150872076f7ee13bddad00bd3221e3b0fc4ea9f2823df075ea45672ab0911e7bee2a63584c7407fa5d08b92e4c6eb10550de2d45
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqq:SCqm2Jpr0nNM7Dus7NxL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0009000000015dd6-5.dat	upx
behavioral1/memory/2292-774-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	680a98079e6df68cec449855c7c96238.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jre7\lib\meta-index	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\LockClear.i64.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jaas_nt.dll	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.exe	680a98079e6df68cec449855c7c96238.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.exe	680a98079e6df68cec449855c7c96238.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden	680a98079e6df68cec449855c7c96238.exe

C:\Users\Admin\AppData\Local\Temp\680a98079e6df68cec449855c7c96238.exe
"C:\Users\Admin\AppData\Local\Temp\680a98079e6df68cec449855c7c96238.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
4cb588e036df46a6d231acc4353adab1

SHA1
c4bce8889d29fd10e95d7552ca67c554e67ab4c6

SHA256
025b1afe8a11c8ec5c37574f985b51a55c751e1eb93ed62e6b5ebacb9c7f8463

SHA512
a5a55a3f297454ecdfe19bb858e5cdd678dabf113bf6869055fe1d8a6f1b93a849f78eedbc6ee1a11de21f75480242a8869745b7f081785ac119f356d02a5419

Download Submit
memory/2292-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2292-774-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads