4f4e1a1e85fe2696247ee5970646daa0aaedaef1c431692154cf0b5551c7a92d

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7013957af034f3089dfae1c6776ca99f.exe
Size

2.8MB
MD5

7013957af034f3089dfae1c6776ca99f
SHA1

f9af7e4f9415a341d182621dd9ce9ba1ff0f4218
SHA256

4f4e1a1e85fe2696247ee5970646daa0aaedaef1c431692154cf0b5551c7a92d
SHA512

391a5590feb61e5b63e07b1e9a6507d30b8d962e0c72e6eb2e10900242a155888529fd455482b97165753844c64155e7a2ffffbf8f0e59eef3801b932eb19438
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91C:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1952-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227a8-5.dat	upx
behavioral2/memory/1952-1335-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	7013957af034f3089dfae1c6776ca99f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PIXEL.ELM	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OWSHLP10.CHM	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Base.dll.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextDark.scale-125.png	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\WideTile.scale-125.png	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\orcl7.xsl	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\SmallTile.scale-125.png	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\SPRING.ELM	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125.png	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-125.png	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-125_contrast-white.png.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\SmallTile.scale-125.png.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.exe	7013957af034f3089dfae1c6776ca99f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.exe	7013957af034f3089dfae1c6776ca99f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML	7013957af034f3089dfae1c6776ca99f.exe

C:\Users\Admin\AppData\Local\Temp\7013957af034f3089dfae1c6776ca99f.exe
"C:\Users\Admin\AppData\Local\Temp\7013957af034f3089dfae1c6776ca99f.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
a97a4dcd91a4803fe1e84b5e3ace154b

SHA1
b314647764664c905776ec50c5f738a847d3155d

SHA256
f1b562594c4ff239375b579874ac4f49dd1b1defbc9b6667891ed296d9d9bda4

SHA512
97d93621bf83c0623d55ab9411ad3eaa25d9cc7576f132d7fac5ac1d2c7cd5b6aad19c7ef9a9d39763fa69082c30cc82c893e594e5debe46e25616ef0f535581

Download Submit
memory/1952-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1952-1335-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads