f0c91a65f124f71b2ffd0c2893504799705287f6efe65dac715ce88c626cbba3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 23:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73233a39958798b56c97bfdbf7789e92.exe
Size

1.8MB
MD5

73233a39958798b56c97bfdbf7789e92
SHA1

b757ca1eaa49b299c45fc3f70b0a5769a405a80f
SHA256

f0c91a65f124f71b2ffd0c2893504799705287f6efe65dac715ce88c626cbba3
SHA512

2f0244ba6087770245e04d971cecd4dc81a18ba91cfe539a898dbf363d055e93dcd565672c57fda92a9f73dae8b4a33d59621daf1ee3cc1d672527066600da18
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH1:SCqm2Jpr0nNM7Dus7Nx2V

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4512-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227a8-5.dat	upx
behavioral2/memory/4512-1696-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	73233a39958798b56c97bfdbf7789e92.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Linq.dll	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Windows Security\BrowserCore\manifest.json	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Linq.Expressions.dll.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\logo.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Gravel.dxt	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-125_contrast-black.png	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARA.TTF.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-200.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\offer_cards\subs-illustration.png.exe	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.exe	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Wordcnvr.dll	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\kweather.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\main.js	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.exe	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Windows Defender\de-DE\OfflineScannerShell.exe.mui.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_whats_new_v1.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-lightunplated.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-125.png.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_Resources\0.rsrc	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-100.png.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Java\jdk-1.8\release.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.exe	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-60_contrast-black.png.exe	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs	73233a39958798b56c97bfdbf7789e92.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.exe	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-125.png	73233a39958798b56c97bfdbf7789e92.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.exe	73233a39958798b56c97bfdbf7789e92.exe

C:\Users\Admin\AppData\Local\Temp\73233a39958798b56c97bfdbf7789e92.exe
"C:\Users\Admin\AppData\Local\Temp\73233a39958798b56c97bfdbf7789e92.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
c8bd11b993b879628566d1cff34a399e

SHA1
7714410cfafb3606185873493b9b72ff717e9394

SHA256
ce260e66feee50cac9751669b645dd089f6259331020c25f8a88d30074644cda

SHA512
4b5b81d0a14850caddb4d553f81f1223298c388a3efc480e940fc2bcdcb33ae3aae64a3f06dc821b4bc3a3f4a96708a8b20a738b138f4029ca8503a237725d15

Download Submit
memory/4512-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4512-1696-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads