db61b9f2b95195c6e1c8dc2f309e44ec2884cae80a2cbc6fb17fdaeb6145c6c1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6828994e0d38e077e156c08b873b6873.exe
Size

1.8MB
MD5

6828994e0d38e077e156c08b873b6873
SHA1

8d10bad52cf61888f56f367a8b9d19d205522f3e
SHA256

db61b9f2b95195c6e1c8dc2f309e44ec2884cae80a2cbc6fb17fdaeb6145c6c1
SHA512

a1fd443a621532119716632f3a89931660a47a63f1d3551db12c90c601bd140e0a320baaec75577f3cb05bb9f1f6c2df819f3ad8c4db372f7a4cb6d6c7d396df
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqP:SCqm2Jpr0nNM7Dus7NxK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1948-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0038000000015658-5.dat	upx
behavioral1/memory/1948-3637-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1948-9226-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\desktop.ini	6828994e0d38e077e156c08b873b6873.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javacpl.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.exe	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.exe	6828994e0d38e077e156c08b873b6873.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak	6828994e0d38e077e156c08b873b6873.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui	6828994e0d38e077e156c08b873b6873.exe

C:\Users\Admin\AppData\Local\Temp\6828994e0d38e077e156c08b873b6873.exe
"C:\Users\Admin\AppData\Local\Temp\6828994e0d38e077e156c08b873b6873.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
71f3229e97d8fd6dcbc582e7b66cce03

SHA1
37c73eb738a7796e41356a88cf8fadc1ea78c0d9

SHA256
f8dab36a0922fe7ae90fa07c56abbe53e29f248b7e69d1c6dbf6f6833f084deb

SHA512
1e32cfe877e3924d6e71fb643bfa5931404e78b98f34c92121e20773dc8013b04218ca515864289da5a48ec466da23bde93b4d2a187e3327f47e37dd2b6d4bdc

Download Submit
memory/1948-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1948-3637-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1948-9226-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads